openSUSE Security Update: kdegraphics3: fixing various pointer dereferencing vulnerabilities (CVE-2009-1709 and CVE-2009-0945) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:1035-1 Rating: important References: #512559 #600469 Cross-References: CVE-2009-0945 CVE-2009-1709 Affected Products: openSUSE 11.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: Various pointer dereferencing vulnerabilities in kdegraphics3's KSVG have been fixed. CVE-2009-1709 and CVE-2009-0945 have been assigned to this issue. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch kdegraphics3-3479 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (i586 ppc x86_64): kdegraphics3-3.5.10-1.66.1 kdegraphics3-3D-3.5.10-1.66.1 kdegraphics3-devel-3.5.10-1.66.1 kdegraphics3-extra-3.5.10-1.66.1 kdegraphics3-fax-3.5.10-1.66.1 kdegraphics3-imaging-3.5.10-1.66.1 kdegraphics3-kamera-3.5.10-1.66.1 kdegraphics3-pdf-3.5.10-1.66.1 kdegraphics3-postscript-3.5.10-1.66.1 kdegraphics3-scan-3.5.10-1.66.1 kdegraphics3-tex-3.5.10-1.66.1 References: http://support.novell.com/security/cve/CVE-2009-0945.html http://support.novell.com/security/cve/CVE-2009-1709.html https://bugzilla.novell.com/512559 https://bugzilla.novell.com/600469